Bugzilla – Bug 1197453
VUL-1: CVE-2021-28275: jhead: Denial of Service via wild address read in the Get16u function via a crafted_file
Last modified: 2022-07-25 01:23:58 UTC
CVE-2021-28275

A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Get16u function in exif.c, which will cause a segmentation fault via a crafted_file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28275
https://github.com/Matthias-Wandel/jhead/issues/17
This is an autogenerated message for OBS integration:
This bug (1197453) was mentioned in
https://build.opensuse.org/request/show/990913 Backports:SLE-15-SP3 / jhead
There is a strange thing in Backports:
openSUSE:Backports:SLE-15:Update contains version 3.00
openSUSE:Backports:SLE-15-SP1:Update contains version 3.00
openSUSE:Backports:SLE-15-SP2:Update contains version 3.06.0.1
openSUSE:Backports:SLE-15-SP3:Update contains version 3.00
openSUSE:Backports:SLE-15-SP4:Update contains version 3.06.0.1, but a slightly different spec than SP2

That is why I suggest fixing this bug by updating all repositories to 3.06.0.1. It is a binary tool; there are no known incompatibilities.

Submitted 3.06.0.1 for:
openSUSE:Backports:SLE-15-SP3:Update: https://build.opensuse.org/request/show/990913
openSUSE:Backports:SLE-15-SP1:Update: BuildService API error: Server did not define a default maintenance project, can't submit.
openSUSE:Backports:SLE-15:Update: BuildService API error: Server did not define a default maintenance project, can't submit.

If SLE 15 and SP1 are wanted, please tell me where to submit.